A person who claims to have been the owner of a Bored Ape Yacht Club non-fungible token (NFT) has decided to sue NFT marketplace OpenSea, alleging that the platform was aware of a bug that allowed scammers to buy NFTs well below their listed market price. The Texas, US-based individual who’s suing OpenSea claims that he’s the rightful owner of a rare Ape that was wrongfully bought off by a hacker at a really low price and then promptly sold. OpenSea, the world’s biggest marketplace for NFTs, meanwhile, is in the midst of a more recent breach that has costed the company hundreds of digital collectibles amounting to losses worth $1.7 million (roughly Rs. 12.5 crore).
In a complaint filed in Texas federal court, seen first by those over at Decrypt, the individual who goes by Timothy McKimmy claims he is the owner of Bored Ape #3475 — one of a set of 10,000 highly coveted primate NFTs known as the Bored Ape Yacht Club and one which ranks in the top 1,400 in terms of rarity. McKimmy claims in his complaint that he did not list his Bored Ape for sale and that the NFT was “stolen” and that the “buyer” promptly resold it for 99 ETH ($250,000 or roughly Rs. 2 crore).
For an idea of how rare the NFT is, McKimmy claims his Ape is significantly more rare than the Bored Ape NFT Justin Bieber recently purchased for $1.3 million (roughly Rs. 10 crore). He is seeking “the return of the Bored Ape… and/ or damages over $1 million (roughly Rs. 7.5 crore).”
The alleged vulnerability that led to the widely-reported “phishing attack” was not unknown to OpenSea, McKimmy claims, arguing that OpenSea “was aware of security vulnerabilities in its platform,” and that despite having “full knowledge of these security issues, [the popular platform] did not properly inform its users and did not timely put adequate safety measures in place.” Instead of shutting down its platform “to address and rectify these security issues,” McKimmy alleges that OpenSea “continued to operate”.
Although unrelated to McKimmy’s incident, OpenSea’s more recent hack reveals that attacker(s) lured OpenSea users into digitally signing malicious messages via phishing emails or websites. Exact details are still unclear although Devin Finzer, the co-founder and CEO of OpenSea has stated on Twitter that at least 32 of the platform’s users have fallen prey to this attack.
Blockchain security firm PeckShield has also been following the incident closely while also monitoring developments. PeckShield has been able to compile a list of 254 NFTs that were stolen in this attack.